[tarantool-patches] [PATCH 0/4] Fixes in access control and privileges
Serge Petrenko
sergepetrenko at tarantool.org
Tue Jul 17 18:47:43 MSK 2018
This patch set fixes various issues with access control,
mostly in function access_check_ddl().
Patches 1-3 already were sent separately a couple of days
ago, but I believe they belong together, since every next
one is based on the previous.
Also I rebased patches 1-3 to the latest 1.10.

Patch 1 adds an entity privilege check to access_check_ddl
https://github.com/tarantool/tarantool/tree/sergepetrenko/gh-3516-entity-access-checks
https://github.com/tarantool/tarantool/issues/3516

Patch 2 is a follow-up to patch 1 and adds ACLs for entities
user and role.
https://github.com/tarantool/tarantool/tree/sergepetrenko/gh-3524-entity-access-grants
https://github.com/tarantool/tarantool/issues/3524

Patch 3 is a follow-up to patch 2 and adds single object access
checks in access_check_ddl and adds ACLs to a single object
user (and role).
https://github.com/tarantool/tarantool/tree/sergepetrenko/gh-3530-object-access-checks
https://github.com/tarantool/tarantool/issues/3530

Patch 4 adds an upgrade script which should fire on update to
1.10 and grant create/alter/drop privileges to users with
read and write access. Also Patch 4 modifies tests to grant
entity and object privileges instead of universal privileges.
This is made possible by patches 1-3.
https://github.com/tarantool/tarantool/tree/sergepetrenko/gh-3539-1.10-upgrade-script
https://github.com/tarantool/tarantool/issues/3539

Serge Petrenko (4):
  Make access_check_ddl check for entity privileges.
  Add entities user, role to access control.
  Add single object privilege checks to access_check_ddl.
  Add a privilege upgrade script and update tests.

src/box/alter.cc | 226 ++++++++++++++++++------
src/box/lua/schema.lua | 30 ++--
src/box/lua/upgrade.lua | 22 +++
src/box/schema.h | 6 +
src/box/user.cc | 31 +++-
src/box/user.h | 2 +
test/box-tap/auth.test.lua | 5 -
test/box-tap/session.test.lua | 15 +-
test/box/access.result | 215 +++++++++++++++++++++-
test/box/access.test.lua | 73 +++++++-
test/box/access_bin.result | 4 +-
test/box/access_bin.test.lua | 4 +-
test/box/access_escalation.result | 15 +-
test/box/access_escalation.test.lua | 10 +-
test/box/access_misc.result | 6 +-
test/box/access_misc.test.lua | 4 +-
test/box/call.result | 4 +-
test/box/call.test.lua | 4 +-
test/box/errinj.result | 30 +++-
test/box/errinj.test.lua | 21 ++-
test/box/net.box.result | 265 ++++++++++++++++++++++++++--
test/box/net.box.test.lua | 121 +++++++++++--
test/box/net_msg_max.result | 13 +-
test/box/net_msg_max.test.lua | 9 +-
test/box/on_replace.result | 2 +-
test/box/on_replace.test.lua | 2 +-
test/box/protocol.result | 9 +-
test/box/protocol.test.lua | 5 +-
test/box/push.result | 52 +++++-
test/box/push.test.lua | 27 ++-
test/box/role.result | 34 +++-
test/box/role.test.lua | 12 +-
test/box/schema_reload.result | 32 +++-
test/box/schema_reload.test.lua | 16 +-
test/box/sequence.result | 131 ++++++++++++--
test/box/sequence.test.lua | 58 ++++--
test/box/sql.result | 9 +-
test/box/sql.test.lua | 5 +-
test/box/stat_net.result | 7 +-
test/box/stat_net.test.lua | 5 +-
test/engine/params.result | 6 -
test/engine/params.test.lua | 2 -
test/engine/replica_join.result | 6 -
test/engine/replica_join.test.lua | 2 -
test/replication/autobootstrap.result | 23 ++-
test/replication/autobootstrap.test.lua | 10 +-
test/replication/catch.result | 6 -
test/replication/catch.test.lua | 2 -
test/replication/errinj.result | 3 -
test/replication/errinj.test.lua | 1 -
test/replication/gc.result | 6 -
test/replication/gc.test.lua | 2 -
test/replication/join_vclock.result | 6 -
test/replication/join_vclock.test.lua | 2 -
test/replication/skip_conflict_row.result | 6 -
test/replication/skip_conflict_row.test.lua | 2 -
test/vinyl/replica_quota.result | 6 -
test/vinyl/replica_quota.test.lua | 2 -
test/wal_off/func_max.result | 25 +--
test/wal_off/func_max.test.lua | 19 +-
test/xlog/errinj.result | 9 +-
test/xlog/errinj.test.lua | 4 +-
test/xlog/misc.result | 9 +-
test/xlog/misc.test.lua | 5 +-
test/xlog/upgrade.result | 4 +-
65 files changed, 1380 insertions(+), 329 deletions(-)
--
2.15.2 (Apple Git-101.1)